Data chief challenges US access to European Bank data

Europe's head of data protection has challenged the European Central Bank on its practice of allowing the US secret service access to private bank-transfer data.

The European Data Protection Supervisor, Peter Hustinx, has presented some preliminary observations on the study “The Interception of Bank Transfer Data from the Swift System by the US Secret Services”.

"We have not concluded our investigation on ECB's role yet, but there are already some observations that I can share publicly,” he said.

“I basically challenge the fact that the ECB continued to allow confidential client banking data to pass to the US, although it had become aware of the systematic access by American authorities. Moreover, I cannot help feeling that the ECB should have at least felt morally obliged to inform European governments and authorities about this scheme."

MiFID could kill LSE, says LogicaCMG

LogicaCMG, the IT company supplying many larger financial services customers, says implementation of MiFID rules could lead to the ‘death' of the London Stock Exchange.

The suggestion comes in a report from financial markets analyst Graham Bishop, commissioned by LogicaCMG , which suggests there are three possible industry scenarios after 1 November next year - when MiFID comes into effect – all of which rest on the development of so-called systematic internalisers.

As the regulations would allow larger financial services groups to match client buy and sell orders internally without being forced to go through a recognised exchange such as the LSE , the question now is to what extent internalisation may take place, the report warns.

Benchmarking First For Peterevans Xanite

One of the UK 's leading independent software providers for the financial services sector peterevans has achieved the new B.I.S.S. ‘MiFID' benchmark accreditation for its new ‘xanite' suite.

Gary Wright, C.E.O., of B.I.S.S. Research, the exclusive research company offering a unique benchmarking of services and systems in the financial services sector, and creator of the B.I.S.S. business benchmarking concept said:

"peterevans is the first vendor to put their system through the B.I.S.S. ‘MiFID' benchmarking process and have been awarded the B.I.S.S. Accreditation. The B.I.S.S. ‘MiFID' benchmarking examines systems in the myriad of different areas that the MiFID Articles impact, including front, middle, back office, compliance etc. The award is based on how well the technology supports the clients' requirements for MiFID."

Symantec Outlines Vision of Next-Generation Security

Products and Partnerships Focus on Protecting Information and Interactions, Increasing Customer Confidence in a Connected World

Symantec Corp. today (10 October 2006) outlined its vision for protecting customers from the next generation of threats targeting their information and interactions. The concept Symantec calls Security 2.0 brings together an ecosystem of products, services, and partnerships to help customers remain confident in today's connected world.

“Confidence is the essential component in today's digital world,” said John W. Thompson, Symantec chairman and chief executive officer. “Consumers and enterprises alike need to feel confident that their information is safe and their interactions are secure. Otherwise, the digital lifestyle will not be as exciting or dynamic, and we will not realize the full potential that new technologies bring to the connected world.”

Thompson, speaking at a company event in New York City, said that new technologies are driving new business models and opportunities for more online interaction. The Internet has changed the way consumers bank, shop, and interact online and has enabled them to connect directly to banks and e-tailers to conduct transactions. At the same time, competitive pressures are driving organizations to embrace more online collaboration and information sharing among their increasingly distributed workforces and their global suppliers and partners.

Banks voice unease on new UK police data powers

In computerweekly.com the following article (of which this is a snippet) appears:

UK banks are up in arms over the privacy threat posed by new government powers allowing the police and other agencies to demand the encryption keys that will unlock confidential data.

They say the powers, which will be put into effect in the next few months, could lead to misuse of disclosed keys and compromise the security of data storage. Individual privacy rights would be undermined in the process, hitting the reputation of the UK financial services industry and discouraging investment in the UK.

The banks have also warned that the enforced disclosure of encryption keys under UK law could place them in conflict with secrecy laws in countries such as Switzerland, which require data encryption keys to be kept confidential.

83% of Adults Who Social Network Expose Themselves To Hackers and Identity Thieves

Kicking off October as National Cyber Security Awareness month, CA and the National Cyber Security Alliance (NCSA) today (4 October 2006) announced results of the first social networking study examining the link between specific online behaviors and the potential for becoming a victim of cyber-crime. Although social networking sites, such as MySpace and FaceBook, have been examined from the standpoint of physical security issues, including sexual predators, this survey examines users' online behavior and the possibility of other threats such as fraud, identity theft, computer spyware and viruses. Highlights of the survey include:

Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cyber-crime, they are still divulging information that may put them at risk. For example 74 percent have given out some sort of personal information, such as their e-mail address, name and birthday.

83 percent of adults social networking are downloading unknown files from other people's profiles potentially opening up their PCs to attacks.

51 percent of parents aware of their children social networking do not restrict their children's profiles so only friends can view, leaving their child's profiles unrestricted to potential predators.

Furthermore, 36 percent of these parents surveyed do not monitor their children on social networking sites at all.

Iconium, a leading UK developer of corporate governance and compliance solutions, today (26 September 2006) announced an extension to Policy Manager, its industry-leading governance framework solution, with the launch of a comprehensive MiFID Library. Developed in conjunction with financial regulation and risk management experts DXL, the library provides financial services firms with the means to commence preparation for the implementation of the Markets in Financial Instruments Directive (MiFID).

Due for implementation on 1 November 2007, MiFID sets the legislative framework for a single European financial services market. It impacts organisations currently governed by the Investment Services Directive, but also extends the range of instruments and services. MiFID will drive the most far-reaching changes in financial markets for over ten years and have a significant impact on financial services regulation and how firms operate and interact with customers.

The MiFID Policy Manager library will provide firms with a stable framework and a clear adoption strategy of MiFID directives as they appear in the coming 12 months. It allows the creation of policies and provides a platform for them to be communicated to all employees and agents, ensuring client-facing staff have access to their firm's latest interpretation of MiFID and the standard MiFID rules. Once in the implementation phase, the MiFID library will fully demonstrate to the regulator that every attempt has been made to educate staff and agents in the requirements of MiFID and to ensure a compliant and uniform treatment of all customers and counterparties.

MiFID intensifies threat to European exchanges

The markets in financial instruments directive could be a significant threat to the business models of Europe's bourses but the exchanges have been dealing with a new world order for some time.

The advent of direct market access, algorithmic trading and increasing globalisation have encroached on their territory and forced them to re-evaluate their business models.

Many see Mifid, which comes into force in November next year (2007), as a catalyst that will accelerate changes that have started to alter the stock exchange landscape. These changes have been wrought by electronic trading platforms, banks increasingly internalising their order flow and fund managers looking to achieve best execution. Exchanges have been forced to add to their technology budgets to keep pace with developments.

Basel II, US Banks Have Until January 2008 to Comply Plus 3 Year Transition Period

U.S. banking agencies announced in late 2005 that U.S. banks will be granted an extension to the January 2007 deadline for Basel II compliance by the Bank for International Settlements. In May, the Basel Committee announced plans to maintain the most recently proposed capital-adequacy guidelines, which will decrease reserve levels for internationally active, diversified institutions based on the adopted approach to credit and operational risk. U.S. banks now have until January 2008 to adhere to the new cross-border capital adequacy mandates, plus an additional three-year transition period, while other global institutions will be required to comply by early 2007.

Basel II brings a much greater level of granularity in the assessment of creditworthiness among obligors. The goal is to align global capitalization standards with current banking practices. This will help minimize the potential for regulatory arbitrage-including known instances in which banks have leveraged certain assets to exploit weaknesses in Basel I's risk weighting system. Basel II promotes three mutually reinforcing standards: minimum risk-based capital set-asides; supervisory review of an institution's capital adequacy and internal risk measurement methodologies; and market discipline through disclosure in order to promote sound practices. In the U.S., guidelines will be mandatory for financial institutions with $250 billion or more in assets or $10 billion or more in foreign exposure.

Deadline for Mifid to be pushed back, warns Farley

The deadline for banks to implement the European Union's Market in Financial Instruments Directive (Mifid) will be put back, according to Peter Farley, managing director of analyst Financial Insights.

“The market is saying it will not happen in November 2007 because those systems would have to be ready by March next year,” he told analyst IDC's European IT Forum 2006. He said, “There's a question about what's implemented on 1 November and where it is implemented, but everything indicates that 1 November is a firm date.”

Mifid requires banks to link their systems to a greater number of financial markets, because banking clients are entitled to the cheapest prices in Europe when transactions are made on their behalf.

IFAs should outsource compliance

Jason Butler, an investment manager and partner, at London-based Bloomsbury Financial Planning said that with increasing regulation, smaller IFAs would have to outsource their compliance in order to stay afloat.

Butler was commenting on the impact of the forthcoming Markets in Financial Instruments Directive (MIFID).

LogMeIn to Add Crime Fighting to Remote Connectivity Repertoire

With each day bringing yet another case of missing laptops and stolen data, LogMeIn, Inc., creator of the world's most widely used remote connectivity and support services, announcedon 26 September 2006 that it would introduce remote "instant shredding" capabilities for its more than three million LogMeIn users.

At the request of its customer, LogMeIn will also make the history of when and where that customer's computers are being used accessible to IT departments and law enforcement, while still keeping users' information safe, secure and private. These theft deterrent and remediation features will be part of detection capabilities already inherent in LogMeIn

Financial services firms on track for market regulation

Most finance firms are now on track with their preparations for compliance with the Markets in Financial Instruments Directive (MiFID), a new survey by TradeTech and SunGuard has revealed.

MiFID, which comes into force next year, is regarded as the biggest change in the European financial services industry for over a decade.

The directive presents a compliance challenge for IT departments, which are already battling to meet the requirements of the Basel II capital accord, the Sarbanes-Oxley Act and International Financial Reporting Standards.

But a survey of 230 executives from finance firms in 12 European countries found that 84% of respondents said their firm was on track with its MiFID preparation.

The latest Internet Security Threat Report released on 25 September 2006 by Symantec shows that because home users are less likely to have established security measures in place, they are being increasingly targeted by attackers for identity theft, fraud, or other financially motivated crime. Furthermore, attackers are now using a variety of techniques to escape detection and prolong their presence on systems in order to gain more time to steal information, hijack the computer for marketing purposes, provide remote access, or otherwise compromise confidential information for profit.

“Understanding the current threat landscape is critical in helping us protect our citizens' online interactions and ensure the availability of our critical systems,” said David Jordan, chief information security and privacy officer for Arlington County, Va. “The current threat intelligence in Symantec's Internet Security Threat Report, combined with our use of leading-edge security technologies, helps us ensure the highest degree of security for our citizens and government agencies.”

Symantec's Internet Security Threat Report notes that home users are the most targeted attack sector, accounting for 86 percent of all targeted attacks, followed by financial services businesses. Symantec has identified increased attacks aimed at client-side applications, increased use of evasive tactics to avoid detection, and that large, widespread Internet worms have given way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity.

The researchers with iDefense said that they have monitored for VML attacks through Thursday and noted only light traffic. However, iDefense experts said that the attacks increased this morning and that attackers are using three different methods to exploit the flaw.

"VML attacks have ramped up significantly in the past 24 hours," said Ken Dunham, director of the Rapid Resonse Team at iDefense. "At least one domain hosts provider has suffered a large-scale attack leading to index file modifications on over 500 domains to redirect users to a hostile VML exploiting website."

APACS Research reveals people to be unaware of basic security measures when banking online

Research released on 22 September 2006 from APACS, the UK payments association working on behalf of the banking industry, shows that people are still not aware of best practice when it comes to online banking and security. The findings clearly demonstrate that some online banking users are failing to protect themselves, despite widely available advice on how to do so.

The latest study builds on the findings of research carried out in 2004 and shows that people are still unaware of the basic security measures they should have in place to stay safe online. Although internet users are aware of scams such as ‘phishing' and Trojan attacks, they are still overly complacent. They need to do more themselves to understand the risks and find out what they can do to protect themselves and their computers.

VOIP presents major security risk, expert warns

Compliance and Privacy picked up this InfoWorld story on Voice over IP and security breaches. We can't help asking why a respected security researcher needs a nickname, so we searched for The Grugg in Google and came to no conclusion. What we do wonder is "Is his crystal balling right, or has he a different agenda?"

But on to the article:

Banks and other companies switching their phone systems to VOIP (voice over Internet Protocol) are making themselves vulnerable to phishing attacks for which there are currently no effective detection or prevention tools, a security researcher warned Wednesday.

"People will be able to penetrate bank networks and hijack their phone lines," said an independent security researcher, known by his pseudonym The Grugq, in an interview. VOIP is becoming increasingly common as companies and operators look to the technology to help cut costs, which makes them more vulnerable to attack, he said.

Trusted Computing Group Announces Open Specification For Mobile Phone Security

The Trusted Computing Group's Mobile Phone Work Group, which has been working to create an industry-wide approach to securing data, transactions and content, for mobile phones, announced on 13th September 2006 a draft Mobile Trusted Module specification. This open and available specification will enable the development of stronger security, enhanced privacy and reduced risk of loss and theft for mobile phone users and providers of handsets and services.

“Attacks on mobile phones, including viruses, spyware and spam, and the loss of personal and financial information or the handset itself, clearly will increase as phones increasingly become repositories of critical information and transactions for users,” noted Iain Gillot, president and founder of iGR (formerly iGillot Research). “By working together and establishing standards, the mobile industry can move more quickly and efficiently to embed security mechanisms into phones. More security at the platform level can only help the industry continue to offer the services, handset features and content that users want.”

iPay Technologies selected the VeriSign® Identity Protection (VIP) Fraud Detection Service to provide online security for its customers and financial institutions. Under terms of the agreement, iPay Technologies will deploy the VIP Fraud Detection Service to secure customer login and transaction information

VeriSign to Secure WiMAX Standards Wireless Broadband Networks.

VeriSign has been selected by the WiMAX Forum™, the exclusive global organization dedicated to certifying the interoperability of wireless broadband access products based on global standards, to provide PKI-related services to all WiMAX Forum Certified™ solutions based on IEEE 802.16-2004 and ETSI HiperMAN 1.2.1 .

US Ratifies Council of Europe Convention on Cybercrime

On Aug. 3, 2006, the United States Senate ratified the Council of Europe Convention on Cybercrime, a multinational treaty that attempts to foster cooperation on prosecuting Internet-based crimes. Although some privacy organizations are protesting the treaty, overall, the response to America 's ratification of the treaty, especially commentary from leading American security companies, has been quite positive.

To-date, 38 counties have signed the treaty that requires that member countries establish as criminal offenses a wide variety of cyber-related activity, including "the access to the whole or any part of a computer system without right…when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system…the damaging, deletion, deterioration, alteration or suppression of computer data without right" (ibid.)., child pornography and other offenses. It also requires that signatory countries establish procedures for dealing with these crimes and provides a prosecutorial framework for international cooperation between signatory countries.